I am creating a web page where each user can view their models. I save all the models in the same folder page and depending on the user I load one model or another. By editing the code, could a client load the model of a different client?
Iāll assume āI save all the models in the same folder pageā means a folder on the server? Is there any access restrictions implemented to block a user looking outside their own folder? If not, then yes, it will be possible to look in other folders by guessing or discovery. I recommend using GUIDs for a userās folder to reduce the risk.
1 Like